By default, NSX Manager uses a self-signed Secure Sockets Layer (SSL) certificate. This certificate is not trusted by end-user devices or web browsers. It is a security best practice to replace these certificates with certificates that are signed by a third-party or enterprise Certificate Authority (CA).
Design ID |
Design Decision |
Design Justification |
Design Implication |
|---|---|---|---|
ROBO-VI-SDN-031 |
Replace the NSX Manager certificate with a certificate signed by a third-party Public Key Infrastructure. |
Ensures communication between NSX administrators and the NSX Manager are encrypted by a trusted certificate. |
Replacing and managing certificates is an operational overhead. |
